authorGravatar MarkKoz <[email protected]>2021-12-20 15:28:01 -0800
committerGravatar MarkKoz <[email protected]>2021-12-20 15:28:01 -0800
commitb1bcd3b04fb2a83fd7bd4fe930582ccf0b6bf627 (patch)
treed9be3d05f08fb610343e3a009bb6d179b41c3b17
parentUse the system locale's encoding for cgroup files (diff)
Update NsJail
The updated version adds support for telling NsJail to set the max swap memory in the cgroup. Resolve #125
-rw-r--r--Dockerfile11
-rw-r--r--snekbox/config_pb2.py1017
2 files changed, 49 insertions, 979 deletions
diff --git a/Dockerfile b/Dockerfile
index b56d25a..0275fdb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,7 @@
FROM python:3.10-slim-buster as builder
+
+WORKDIR /nsjail
+
RUN apt-get -y update \
&& apt-get install -y \
bison=2:3.3.* \
@@ -11,12 +14,8 @@ RUN apt-get -y update \
make=4.2.* \
pkg-config=0.29-6 \
protobuf-compiler=3.6.*
-RUN git clone \
- -b '2.9' \
- --single-branch \
- --depth 1 \
- https://github.com/google/nsjail.git /nsjail
-WORKDIR /nsjail
+RUN git clone -b master --single-branch https://github.com/google/nsjail.git . \
+ && git checkout dccf911fd2659e7b08ce9507c25b2b38ec2c5800
RUN make
# ------------------------------------------------------------------------------
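Review bot: The new `git clone -b master --single-branch ... && git checkout dccf911fd2659e7b08ce9507c25b2b38ec2c5800` line pins the sandbox to an exact commit, which is good for build integrity, but nothing says why an untagged master commit replaced the `2.9` tag or what has to change with it. The checked-in `snekbox/config_pb2.py` is generated from NsJail's `config.proto`, so bumping this hash without regenerating that file would presumably leave the Python-side config schema out of step with the binary that enforces the limits. I would add above the RUN line: `# Pinned to a master commit that includes cgroup_mem_swap_max; regenerate snekbox/config_pb2.py from config.proto at this commit when bumping.` Separately, dropping `--depth 1` makes the builder stage download the full master history, and the checkout only works while the commit stays reachable from `master`; fetching just the pinned commit would avoid both.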
diff --git a/snekbox/config_pb2.py b/snekbox/config_pb2.py
index 35d6a8f..bd4e112 100644
--- a/snekbox/config_pb2.py
+++ b/snekbox/config_pb2.py
@@ -1,14 +1,13 @@
+# -*- coding: utf-8 -*-
# Generated by the protocol buffer compiler. DO NOT EDIT!
# source: config.proto
-
-import sys
-_b=sys.version_info[0]<3 and (lambda x:x) or (lambda x:x.encode('latin1'))
+"""Generated protocol buffer code."""
from google.protobuf.internal import enum_type_wrapper
from google.protobuf import descriptor as _descriptor
+from google.protobuf import descriptor_pool as _descriptor_pool
from google.protobuf import message as _message
from google.protobuf import reflection as _reflection
from google.protobuf import symbol_database as _symbol_database
-from google.protobuf import descriptor_pb2
# @@protoc_insertion_point(imports)
_sym_db = _symbol_database.Default()
@@ -16,109 +15,13 @@ _sym_db = _symbol_database.Default()
-DESCRIPTOR = _descriptor.FileDescriptor(
- name='config.proto',
- package='nsjail',
- serialized_pb=_b('\n\x0c\x63onfig.proto\x12\x06nsjail\"a\n\x05IdMap\x12\x13\n\tinside_id\x18\x01 \x01(\t:\x00\x12\x14\n\noutside_id\x18\x02 \x01(\t:\x00\x12\x10\n\x05\x63ount\x18\x03 \x01(\r:\x01\x31\x12\x1b\n\x0cuse_newidmap\x18\x04 \x01(\x08:\x05\x66\x61lse\"\xca\x02\n\x07MountPt\x12\r\n\x03src\x18\x01 \x01(\t:\x00\x12\x18\n\x0eprefix_src_env\x18\x02 \x01(\t:\x00\x12\x15\n\x0bsrc_content\x18\x03 \x01(\x0c:\x00\x12\r\n\x03\x64st\x18\x04 \x02(\t:\x00\x12\x18\n\x0eprefix_dst_env\x18\x05 \x01(\t:\x00\x12\x10\n\x06\x66stype\x18\x06 \x01(\t:\x00\x12\x11\n\x07options\x18\x07 \x01(\t:\x00\x12\x16\n\x07is_bind\x18\x08 \x01(\x08:\x05\x66\x61lse\x12\x11\n\x02rw\x18\t \x01(\x08:\x05\x66\x61lse\x12\x0e\n\x06is_dir\x18\n \x01(\x08\x12\x17\n\tmandatory\x18\x0b \x01(\x08:\x04true\x12\x19\n\nis_symlink\x18\x0c \x01(\x08:\x05\x66\x61lse\x12\x15\n\x06nosuid\x18\r \x01(\x08:\x05\x66\x61lse\x12\x14\n\x05nodev\x18\x0e \x01(\x08:\x05\x66\x61lse\x12\x15\n\x06noexec\x18\x0f \x01(\x08:\x05\x66\x61lse\"F\n\x03\x45xe\x12\x0c\n\x04path\x18\x01 \x02(\t\x12\x0b\n\x03\x61rg\x18\x02 \x03(\t\x12\x0c\n\x04\x61rg0\x18\x03 \x01(\t\x12\x16\n\x07\x65xec_fd\x18\x04 \x01(\x08:\x05\x66\x61lse\"\x81\x14\n\x0cNsJailConfig\x12\x0e\n\x04name\x18\x01 \x01(\t:\x00\x12\x13\n\x0b\x64\x65scription\x18\x02 \x03(\t\x12 \n\x04mode\x18\x03 \x01(\x0e\x32\x0c.nsjail.Mode:\x04ONCE\x12\x16\n\nchroot_dir\x18\x04 \x01(\tB\x02\x18\x01\x12\x1d\n\nis_root_rw\x18\x05 \x01(\x08:\x05\x66\x61lseB\x02\x18\x01\x12\x18\n\x08hostname\x18\x08 \x01(\t:\x06NSJAIL\x12\x0e\n\x03\x63wd\x18\t \x01(\t:\x01/\x12\x0f\n\x04port\x18\n \x01(\r:\x01\x30\x12\x14\n\x08\x62indhost\x18\x0b \x01(\t:\x02::\x12\x1b\n\x10max_conns_per_ip\x18\x0c \x01(\r:\x01\x30\x12\x17\n\ntime_limit\x18\r \x01(\r:\x03\x36\x30\x30\x12\x15\n\x06\x64\x61\x65mon\x18\x0e \x01(\x08:\x05\x66\x61lse\x12\x13\n\x08max_cpus\x18\x0f \x01(\r:\x01\x30\x12\x0e\n\x06log_fd\x18\x10 \x01(\x05\x12\x10\n\x08log_file\x18\x11 \x01(\t\x12#\n\tlog_level\x18\x12 
\x01(\x0e\x32\x10.nsjail.LogLevel\x12\x17\n\x08keep_env\x18\x13 \x01(\x08:\x05\x66\x61lse\x12\r\n\x05\x65nvar\x18\x14 \x03(\t\x12\x18\n\tkeep_caps\x18\x15 \x01(\x08:\x05\x66\x61lse\x12\x0b\n\x03\x63\x61p\x18\x16 \x03(\t\x12\x15\n\x06silent\x18\x17 \x01(\x08:\x05\x66\x61lse\x12\x1a\n\x0bskip_setsid\x18\x18 \x01(\x08:\x05\x66\x61lse\x12\x1d\n\x0estderr_to_null\x18\x19 \x01(\x08:\x05\x66\x61lse\x12\x0f\n\x07pass_fd\x18\x1a \x03(\x05\x12#\n\x14\x64isable_no_new_privs\x18\x1b \x01(\x08:\x05\x66\x61lse\x12\x17\n\trlimit_as\x18\x1c \x01(\x04:\x04\x34\x30\x39\x36\x12-\n\x0erlimit_as_type\x18\x1d \x01(\x0e\x32\x0e.nsjail.RLimit:\x05VALUE\x12\x16\n\x0brlimit_core\x18\x1e \x01(\x04:\x01\x30\x12/\n\x10rlimit_core_type\x18\x1f \x01(\x0e\x32\x0e.nsjail.RLimit:\x05VALUE\x12\x17\n\nrlimit_cpu\x18 \x01(\x04:\x03\x36\x30\x30\x12.\n\x0frlimit_cpu_type\x18! \x01(\x0e\x32\x0e.nsjail.RLimit:\x05VALUE\x12\x17\n\x0crlimit_fsize\x18\" \x01(\x04:\x01\x31\x12\x30\n\x11rlimit_fsize_type\x18# \x01(\x0e\x32\x0e.nsjail.RLimit:\x05VALUE\x12\x19\n\rrlimit_nofile\x18$ \x01(\x04:\x02\x33\x32\x12\x31\n\x12rlimit_nofile_type\x18% \x01(\x0e\x32\x0e.nsjail.RLimit:\x05VALUE\x12\x1a\n\x0crlimit_nproc\x18& \x01(\x04:\x04\x31\x30\x32\x34\x12/\n\x11rlimit_nproc_type\x18\' \x01(\x0e\x32\x0e.nsjail.RLimit:\x04SOFT\x12\x1d\n\x0crlimit_stack\x18( \x01(\x04:\x07\x31\x30\x34\x38\x35\x37\x36\x12/\n\x11rlimit_stack_type\x18) \x01(\x0e\x32\x0e.nsjail.RLimit:\x04SOFT\x12\x19\n\ndisable_rl\x18T \x01(\x08:\x05\x66\x61lse\x12)\n\x1apersona_addr_compat_layout\x18* \x01(\x08:\x05\x66\x61lse\x12%\n\x16persona_mmap_page_zero\x18+ \x01(\x08:\x05\x66\x61lse\x12(\n\x19persona_read_implies_exec\x18, \x01(\x08:\x05\x66\x61lse\x12%\n\x16persona_addr_limit_3gb\x18- \x01(\x08:\x05\x66\x61lse\x12(\n\x19persona_addr_no_randomize\x18. 
\x01(\x08:\x05\x66\x61lse\x12\x1a\n\x0c\x63lone_newnet\x18/ \x01(\x08:\x04true\x12\x1b\n\rclone_newuser\x18\x30 \x01(\x08:\x04true\x12\x19\n\x0b\x63lone_newns\x18\x31 \x01(\x08:\x04true\x12\x1a\n\x0c\x63lone_newpid\x18\x32 \x01(\x08:\x04true\x12\x1a\n\x0c\x63lone_newipc\x18\x33 \x01(\x08:\x04true\x12\x1a\n\x0c\x63lone_newuts\x18\x34 \x01(\x08:\x04true\x12\x1d\n\x0f\x63lone_newcgroup\x18\x35 \x01(\x08:\x04true\x12\x1d\n\x06uidmap\x18\x36 \x03(\x0b\x32\r.nsjail.IdMap\x12\x1d\n\x06gidmap\x18\x37 \x03(\x0b\x32\r.nsjail.IdMap\x12\x19\n\nmount_proc\x18\x38 \x01(\x08:\x05\x66\x61lse\x12\x1e\n\x05mount\x18\x39 \x03(\x0b\x32\x0f.nsjail.MountPt\x12\x1b\n\x13seccomp_policy_file\x18: \x01(\t\x12\x16\n\x0eseccomp_string\x18; \x03(\t\x12\x1a\n\x0bseccomp_log\x18< \x01(\x08:\x05\x66\x61lse\x12\x19\n\x0e\x63group_mem_max\x18= \x01(\x04:\x01\x30\x12/\n\x10\x63group_mem_mount\x18> \x01(\t:\x15/sys/fs/cgroup/memory\x12!\n\x11\x63group_mem_parent\x18? \x01(\t:\x06NSJAIL\x12\x1a\n\x0f\x63group_pids_max\x18@ \x01(\x04:\x01\x30\x12.\n\x11\x63group_pids_mount\x18\x41 \x01(\t:\x13/sys/fs/cgroup/pids\x12\"\n\x12\x63group_pids_parent\x18\x42 \x01(\t:\x06NSJAIL\x12!\n\x16\x63group_net_cls_classid\x18\x43 \x01(\r:\x01\x30\x12\x34\n\x14\x63group_net_cls_mount\x18\x44 \x01(\t:\x16/sys/fs/cgroup/net_cls\x12%\n\x15\x63group_net_cls_parent\x18\x45 \x01(\t:\x06NSJAIL\x12 \n\x15\x63group_cpu_ms_per_sec\x18\x46 \x01(\r:\x01\x30\x12,\n\x10\x63group_cpu_mount\x18G \x01(\t:\x12/sys/fs/cgroup/cpu\x12!\n\x11\x63group_cpu_parent\x18H \x01(\t:\x06NSJAIL\x12\x1a\n\x0biface_no_lo\x18I \x01(\x08:\x05\x66\x61lse\x12\x11\n\tiface_own\x18J \x03(\t\x12\x15\n\rmacvlan_iface\x18K \x01(\t\x12\"\n\rmacvlan_vs_ip\x18L \x01(\t:\x0b\x31\x39\x32.168.0.2\x12$\n\rmacvlan_vs_nm\x18M \x01(\t:\r255.255.255.0\x12\"\n\rmacvlan_vs_gw\x18N \x01(\t:\x0b\x31\x39\x32.168.0.1\x12\x17\n\rmacvlan_vs_ma\x18O \x01(\t:\x00\x12\x16\n\nnice_level\x18P \x01(\x05:\x02\x31\x39\x12\x1d\n\x08\x65xec_bin\x18Q 
\x01(\x0b\x32\x0b.nsjail.Exe\x12&\n\x0e\x63groupv2_mount\x18R \x01(\t:\x0e/sys/fs/cgroup\x12\x1b\n\x0cuse_cgroupv2\x18S \x01(\x08:\x05\x66\x61lse*3\n\x04Mode\x12\n\n\x06LISTEN\x10\x00\x12\x08\n\x04ONCE\x10\x01\x12\t\n\x05RERUN\x10\x02\x12\n\n\x06\x45XECVE\x10\x03*B\n\x08LogLevel\x12\t\n\x05\x44\x45\x42UG\x10\x00\x12\x08\n\x04INFO\x10\x01\x12\x0b\n\x07WARNING\x10\x02\x12\t\n\x05\x45RROR\x10\x03\x12\t\n\x05\x46\x41TAL\x10\x04*0\n\x06RLimit\x12\t\n\x05VALUE\x10\x00\x12\x08\n\x04SOFT\x10\x01\x12\x08\n\x04HARD\x10\x02\x12\x07\n\x03INF\x10\x03')
-)
-_sym_db.RegisterFileDescriptor(DESCRIPTOR)
-
-_MODE = _descriptor.EnumDescriptor(
- name='Mode',
- full_name='nsjail.Mode',
- filename=None,
- file=DESCRIPTOR,
- values=[
- _descriptor.EnumValueDescriptor(
- name='LISTEN', index=0, number=0,
- options=None,
- type=None),
- _descriptor.EnumValueDescriptor(
- name='ONCE', index=1, number=1,
- options=None,
- type=None),
- _descriptor.EnumValueDescriptor(
- name='RERUN', index=2, number=2,
- options=None,
- type=None),
- _descriptor.EnumValueDescriptor(
- name='EXECVE', index=3, number=3,
- options=None,
- type=None),
- ],
- containing_type=None,
- options=None,
- serialized_start=3092,
- serialized_end=3143,
-)
-_sym_db.RegisterEnumDescriptor(_MODE)
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x0c\x63onfig.proto\x12\x06nsjail\"a\n\x05IdMap\x12\x13\n\tinside_id\x18\x01 \x01(\t:\x00\x12\x14\n\noutside_id\x18\x02 \x01(\t:\x00\x12\x10\n\x05\x63ount\x18\x03 \x01(\r:\x01\x31\x12\x1b\n\x0cuse_newidmap\x18\x04 \x01(\x08:\x05\x66\x61lse\"\xca\x02\n\x07MountPt\x12\r\n\x03src\x18\x01 \x01(\t:\x00\x12\x18\n\x0eprefix_src_env\x18\x02 \x01(\t:\x00\x12\x15\n\x0bsrc_content\x18\x03 \x01(\x0c:\x00\x12\r\n\x03\x64st\x18\x04 \x02(\t:\x00\x12\x18\n\x0eprefix_dst_env\x18\x05 \x01(\t:\x00\x12\x10\n\x06\x66stype\x18\x06 \x01(\t:\x00\x12\x11\n\x07options\x18\x07 \x01(\t:\x00\x12\x16\n\x07is_bind\x18\x08 \x01(\x08:\x05\x66\x61lse\x12\x11\n\x02rw\x18\t \x01(\x08:\x05\x66\x61lse\x12\x0e\n\x06is_dir\x18\n \x01(\x08\x12\x17\n\tmandatory\x18\x0b \x01(\x08:\x04true\x12\x19\n\nis_symlink\x18\x0c \x01(\x08:\x05\x66\x61lse\x12\x15\n\x06nosuid\x18\r \x01(\x08:\x05\x66\x61lse\x12\x14\n\x05nodev\x18\x0e \x01(\x08:\x05\x66\x61lse\x12\x15\n\x06noexec\x18\x0f \x01(\x08:\x05\x66\x61lse\"F\n\x03\x45xe\x12\x0c\n\x04path\x18\x01 \x02(\t\x12\x0b\n\x03\x61rg\x18\x02 \x03(\t\x12\x0c\n\x04\x61rg0\x18\x03 \x01(\t\x12\x16\n\x07\x65xec_fd\x18\x04 \x01(\x08:\x05\x66\x61lse\"\xe5\x16\n\x0cNsJailConfig\x12\x0e\n\x04name\x18\x01 \x01(\t:\x00\x12\x13\n\x0b\x64\x65scription\x18\x02 \x03(\t\x12 \n\x04mode\x18\x03 \x01(\x0e\x32\x0c.nsjail.Mode:\x04ONCE\x12\x18\n\x08hostname\x18\x04 \x01(\t:\x06NSJAIL\x12\x0e\n\x03\x63wd\x18\x05 \x01(\t:\x01/\x12\x1b\n\x0cno_pivotroot\x18\x06 \x01(\x08:\x05\x66\x61lse\x12\x0f\n\x04port\x18\x07 \x01(\r:\x01\x30\x12\x14\n\x08\x62indhost\x18\x08 \x01(\t:\x02::\x12\x14\n\tmax_conns\x18\t \x01(\r:\x01\x30\x12\x1b\n\x10max_conns_per_ip\x18\n \x01(\r:\x01\x30\x12\x17\n\ntime_limit\x18\x0b \x01(\r:\x03\x36\x30\x30\x12\x15\n\x06\x64\x61\x65mon\x18\x0c \x01(\x08:\x05\x66\x61lse\x12\x13\n\x08max_cpus\x18\r \x01(\r:\x01\x30\x12\x0e\n\x06log_fd\x18\x0e \x01(\x05\x12\x10\n\x08log_file\x18\x0f \x01(\t\x12#\n\tlog_level\x18\x10 
\x01(\x0e\x32\x10.nsjail.LogLevel\x12\x17\n\x08keep_env\x18\x11 \x01(\x08:\x05\x66\x61lse\x12\r\n\x05\x65nvar\x18\x12 \x03(\t\x12\x18\n\tkeep_caps\x18\x13 \x01(\x08:\x05\x66\x61lse\x12\x0b\n\x03\x63\x61p\x18\x14 \x03(\t\x12\x15\n\x06silent\x18\x15 \x01(\x08:\x05\x66\x61lse\x12\x1a\n\x0bskip_setsid\x18\x16 \x01(\x08:\x05\x66\x61lse\x12\x1d\n\x0estderr_to_null\x18\x17 \x01(\x08:\x05\x66\x61lse\x12\x0f\n\x07pass_fd\x18\x18 \x03(\x05\x12#\n\x14\x64isable_no_new_privs\x18\x19 \x01(\x08:\x05\x66\x61lse\x12\x17\n\trlimit_as\x18\x1a \x01(\x04:\x04\x34\x30\x39\x36\x12-\n\x0erlimit_as_type\x18\x1b \x01(\x0e\x32\x0e.nsjail.RLimit:\x05VALUE\x12\x16\n\x0brlimit_core\x18\x1c \x01(\x04:\x01\x30\x12/\n\x10rlimit_core_type\x18\x1d \x01(\x0e\x32\x0e.nsjail.RLimit:\x05VALUE\x12\x17\n\nrlimit_cpu\x18\x1e \x01(\x04:\x03\x36\x30\x30\x12.\n\x0frlimit_cpu_type\x18\x1f \x01(\x0e\x32\x0e.nsjail.RLimit:\x05VALUE\x12\x17\n\x0crlimit_fsize\x18 \x01(\x04:\x01\x31\x12\x30\n\x11rlimit_fsize_type\x18! \x01(\x0e\x32\x0e.nsjail.RLimit:\x05VALUE\x12\x19\n\rrlimit_nofile\x18\" \x01(\x04:\x02\x33\x32\x12\x31\n\x12rlimit_nofile_type\x18# \x01(\x0e\x32\x0e.nsjail.RLimit:\x05VALUE\x12\x1a\n\x0crlimit_nproc\x18$ \x01(\x04:\x04\x31\x30\x32\x34\x12/\n\x11rlimit_nproc_type\x18% \x01(\x0e\x32\x0e.nsjail.RLimit:\x04SOFT\x12\x17\n\x0crlimit_stack\x18& \x01(\x04:\x01\x38\x12/\n\x11rlimit_stack_type\x18\' \x01(\x0e\x32\x0e.nsjail.RLimit:\x04SOFT\x12\x1a\n\x0erlimit_memlock\x18( \x01(\x04:\x02\x36\x34\x12\x31\n\x13rlimit_memlock_type\x18) \x01(\x0e\x32\x0e.nsjail.RLimit:\x04SOFT\x12\x18\n\rrlimit_rtprio\x18* \x01(\x04:\x01\x30\x12\x30\n\x12rlimit_rtprio_type\x18+ \x01(\x0e\x32\x0e.nsjail.RLimit:\x04SOFT\x12\x1d\n\x0frlimit_msgqueue\x18, \x01(\x04:\x04\x31\x30\x32\x34\x12\x32\n\x14rlimit_msgqueue_type\x18- \x01(\x0e\x32\x0e.nsjail.RLimit:\x04SOFT\x12\x19\n\ndisable_rl\x18. 
\x01(\x08:\x05\x66\x61lse\x12)\n\x1apersona_addr_compat_layout\x18/ \x01(\x08:\x05\x66\x61lse\x12%\n\x16persona_mmap_page_zero\x18\x30 \x01(\x08:\x05\x66\x61lse\x12(\n\x19persona_read_implies_exec\x18\x31 \x01(\x08:\x05\x66\x61lse\x12%\n\x16persona_addr_limit_3gb\x18\x32 \x01(\x08:\x05\x66\x61lse\x12(\n\x19persona_addr_no_randomize\x18\x33 \x01(\x08:\x05\x66\x61lse\x12\x1a\n\x0c\x63lone_newnet\x18\x34 \x01(\x08:\x04true\x12\x1b\n\rclone_newuser\x18\x35 \x01(\x08:\x04true\x12\x19\n\x0b\x63lone_newns\x18\x36 \x01(\x08:\x04true\x12\x1a\n\x0c\x63lone_newpid\x18\x37 \x01(\x08:\x04true\x12\x1a\n\x0c\x63lone_newipc\x18\x38 \x01(\x08:\x04true\x12\x1a\n\x0c\x63lone_newuts\x18\x39 \x01(\x08:\x04true\x12\x1d\n\x0f\x63lone_newcgroup\x18: \x01(\x08:\x04true\x12\x1c\n\rclone_newtime\x18; \x01(\x08:\x05\x66\x61lse\x12\x1d\n\x06uidmap\x18< \x03(\x0b\x32\r.nsjail.IdMap\x12\x1d\n\x06gidmap\x18= \x03(\x0b\x32\r.nsjail.IdMap\x12\x19\n\nmount_proc\x18> \x01(\x08:\x05\x66\x61lse\x12\x1e\n\x05mount\x18? \x03(\x0b\x32\x0f.nsjail.MountPt\x12\x1b\n\x13seccomp_policy_file\x18@ \x01(\t\x12\x16\n\x0eseccomp_string\x18\x41 \x03(\t\x12\x1a\n\x0bseccomp_log\x18\x42 \x01(\x08:\x05\x66\x61lse\x12\x19\n\x0e\x63group_mem_max\x18\x43 \x01(\x04:\x01\x30\x12\x1f\n\x14\x63group_mem_memsw_max\x18[ \x01(\x04:\x01\x30\x12\x1f\n\x13\x63group_mem_swap_max\x18\\ \x01(\x03:\x02-1\x12/\n\x10\x63group_mem_mount\x18\x44 \x01(\t:\x15/sys/fs/cgroup/memory\x12!\n\x11\x63group_mem_parent\x18\x45 \x01(\t:\x06NSJAIL\x12\x1a\n\x0f\x63group_pids_max\x18\x46 \x01(\x04:\x01\x30\x12.\n\x11\x63group_pids_mount\x18G \x01(\t:\x13/sys/fs/cgroup/pids\x12\"\n\x12\x63group_pids_parent\x18H \x01(\t:\x06NSJAIL\x12!\n\x16\x63group_net_cls_classid\x18I \x01(\r:\x01\x30\x12\x34\n\x14\x63group_net_cls_mount\x18J \x01(\t:\x16/sys/fs/cgroup/net_cls\x12%\n\x15\x63group_net_cls_parent\x18K \x01(\t:\x06NSJAIL\x12 \n\x15\x63group_cpu_ms_per_sec\x18L \x01(\r:\x01\x30\x12,\n\x10\x63group_cpu_mount\x18M 
\x01(\t:\x12/sys/fs/cgroup/cpu\x12!\n\x11\x63group_cpu_parent\x18N \x01(\t:\x06NSJAIL\x12&\n\x0e\x63groupv2_mount\x18O \x01(\t:\x0e/sys/fs/cgroup\x12\x1b\n\x0cuse_cgroupv2\x18P \x01(\x08:\x05\x66\x61lse\x12\x1a\n\x0biface_no_lo\x18Q \x01(\x08:\x05\x66\x61lse\x12\x11\n\tiface_own\x18R \x03(\t\x12\x15\n\rmacvlan_iface\x18S \x01(\t\x12\"\n\rmacvlan_vs_ip\x18T \x01(\t:\x0b\x31\x39\x32.168.0.2\x12$\n\rmacvlan_vs_nm\x18U \x01(\t:\r255.255.255.0\x12\"\n\rmacvlan_vs_gw\x18V \x01(\t:\x0b\x31\x39\x32.168.0.1\x12\x17\n\rmacvlan_vs_ma\x18W \x01(\t:\x00\x12\x1e\n\rmacvlan_vs_mo\x18X \x01(\t:\x07private\x12\x16\n\nnice_level\x18Y \x01(\x05:\x02\x31\x39\x12\x1d\n\x08\x65xec_bin\x18Z \x01(\x0b\x32\x0b.nsjail.Exe*3\n\x04Mode\x12\n\n\x06LISTEN\x10\x00\x12\x08\n\x04ONCE\x10\x01\x12\t\n\x05RERUN\x10\x02\x12\n\n\x06\x45XECVE\x10\x03*B\n\x08LogLevel\x12\t\n\x05\x44\x45\x42UG\x10\x00\x12\x08\n\x04INFO\x10\x01\x12\x0b\n\x07WARNING\x10\x02\x12\t\n\x05\x45RROR\x10\x03\x12\t\n\x05\x46\x41TAL\x10\x04*0\n\x06RLimit\x12\t\n\x05VALUE\x10\x00\x12\x08\n\x04SOFT\x10\x01\x12\x08\n\x04HARD\x10\x02\x12\x07\n\x03INF\x10\x03')
+_MODE = DESCRIPTOR.enum_types_by_name['Mode']
Mode = enum_type_wrapper.EnumTypeWrapper(_MODE)
-_LOGLEVEL = _descriptor.EnumDescriptor(
- name='LogLevel',
- full_name='nsjail.LogLevel',
- filename=None,
- file=DESCRIPTOR,
- values=[
- _descriptor.EnumValueDescriptor(
- name='DEBUG', index=0, number=0,
- options=None,
- type=None),
- _descriptor.EnumValueDescriptor(
- name='INFO', index=1, number=1,
- options=None,
- type=None),
- _descriptor.EnumValueDescriptor(
- name='WARNING', index=2, number=2,
- options=None,
- type=None),
- _descriptor.EnumValueDescriptor(
- name='ERROR', index=3, number=3,
- options=None,
- type=None),
- _descriptor.EnumValueDescriptor(
- name='FATAL', index=4, number=4,
- options=None,
- type=None),
- ],
- containing_type=None,
- options=None,
- serialized_start=3145,
- serialized_end=3211,
-)
-_sym_db.RegisterEnumDescriptor(_LOGLEVEL)
-
+_LOGLEVEL = DESCRIPTOR.enum_types_by_name['LogLevel']
LogLevel = enum_type_wrapper.EnumTypeWrapper(_LOGLEVEL)
-_RLIMIT = _descriptor.EnumDescriptor(
- name='RLimit',
- full_name='nsjail.RLimit',
- filename=None,
- file=DESCRIPTOR,
- values=[
- _descriptor.EnumValueDescriptor(
- name='VALUE', index=0, number=0,
- options=None,
- type=None),
- _descriptor.EnumValueDescriptor(
- name='SOFT', index=1, number=1,
- options=None,
- type=None),
- _descriptor.EnumValueDescriptor(
- name='HARD', index=2, number=2,
- options=None,
- type=None),
- _descriptor.EnumValueDescriptor(
- name='INF', index=3, number=3,
- options=None,
- type=None),
- ],
- containing_type=None,
- options=None,
- serialized_start=3213,
- serialized_end=3261,
-)
-_sym_db.RegisterEnumDescriptor(_RLIMIT)
-
+_RLIMIT = DESCRIPTOR.enum_types_by_name['RLimit']
RLimit = enum_type_wrapper.EnumTypeWrapper(_RLIMIT)
LISTEN = 0
ONCE = 1
@@ -135,885 +38,53 @@ HARD = 2
INF = 3
-
-_IDMAP = _descriptor.Descriptor(
- name='IdMap',
- full_name='nsjail.IdMap',
- filename=None,
- file=DESCRIPTOR,
- containing_type=None,
- fields=[
- _descriptor.FieldDescriptor(
- name='inside_id', full_name='nsjail.IdMap.inside_id', index=0,
- number=1, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='outside_id', full_name='nsjail.IdMap.outside_id', index=1,
- number=2, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='count', full_name='nsjail.IdMap.count', index=2,
- number=3, type=13, cpp_type=3, label=1,
- has_default_value=True, default_value=1,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='use_newidmap', full_name='nsjail.IdMap.use_newidmap', index=3,
- number=4, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- ],
- extensions=[
- ],
- nested_types=[],
- enum_types=[
- ],
- options=None,
- is_extendable=False,
- extension_ranges=[],
- oneofs=[
- ],
- serialized_start=24,
- serialized_end=121,
-)
-
-
-_MOUNTPT = _descriptor.Descriptor(
- name='MountPt',
- full_name='nsjail.MountPt',
- filename=None,
- file=DESCRIPTOR,
- containing_type=None,
- fields=[
- _descriptor.FieldDescriptor(
- name='src', full_name='nsjail.MountPt.src', index=0,
- number=1, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='prefix_src_env', full_name='nsjail.MountPt.prefix_src_env', index=1,
- number=2, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='src_content', full_name='nsjail.MountPt.src_content', index=2,
- number=3, type=12, cpp_type=9, label=1,
- has_default_value=True, default_value=_b(""),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='dst', full_name='nsjail.MountPt.dst', index=3,
- number=4, type=9, cpp_type=9, label=2,
- has_default_value=True, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='prefix_dst_env', full_name='nsjail.MountPt.prefix_dst_env', index=4,
- number=5, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='fstype', full_name='nsjail.MountPt.fstype', index=5,
- number=6, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='options', full_name='nsjail.MountPt.options', index=6,
- number=7, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='is_bind', full_name='nsjail.MountPt.is_bind', index=7,
- number=8, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='rw', full_name='nsjail.MountPt.rw', index=8,
- number=9, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='is_dir', full_name='nsjail.MountPt.is_dir', index=9,
- number=10, type=8, cpp_type=7, label=1,
- has_default_value=False, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='mandatory', full_name='nsjail.MountPt.mandatory', index=10,
- number=11, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=True,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='is_symlink', full_name='nsjail.MountPt.is_symlink', index=11,
- number=12, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='nosuid', full_name='nsjail.MountPt.nosuid', index=12,
- number=13, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='nodev', full_name='nsjail.MountPt.nodev', index=13,
- number=14, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='noexec', full_name='nsjail.MountPt.noexec', index=14,
- number=15, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- ],
- extensions=[
- ],
- nested_types=[],
- enum_types=[
- ],
- options=None,
- is_extendable=False,
- extension_ranges=[],
- oneofs=[
- ],
- serialized_start=124,
- serialized_end=454,
-)
-
-
-_EXE = _descriptor.Descriptor(
- name='Exe',
- full_name='nsjail.Exe',
- filename=None,
- file=DESCRIPTOR,
- containing_type=None,
- fields=[
- _descriptor.FieldDescriptor(
- name='path', full_name='nsjail.Exe.path', index=0,
- number=1, type=9, cpp_type=9, label=2,
- has_default_value=False, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='arg', full_name='nsjail.Exe.arg', index=1,
- number=2, type=9, cpp_type=9, label=3,
- has_default_value=False, default_value=[],
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='arg0', full_name='nsjail.Exe.arg0', index=2,
- number=3, type=9, cpp_type=9, label=1,
- has_default_value=False, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='exec_fd', full_name='nsjail.Exe.exec_fd', index=3,
- number=4, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- ],
- extensions=[
- ],
- nested_types=[],
- enum_types=[
- ],
- options=None,
- is_extendable=False,
- extension_ranges=[],
- oneofs=[
- ],
- serialized_start=456,
- serialized_end=526,
-)
-
-
-_NSJAILCONFIG = _descriptor.Descriptor(
- name='NsJailConfig',
- full_name='nsjail.NsJailConfig',
- filename=None,
- file=DESCRIPTOR,
- containing_type=None,
- fields=[
- _descriptor.FieldDescriptor(
- name='name', full_name='nsjail.NsJailConfig.name', index=0,
- number=1, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='description', full_name='nsjail.NsJailConfig.description', index=1,
- number=2, type=9, cpp_type=9, label=3,
- has_default_value=False, default_value=[],
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='mode', full_name='nsjail.NsJailConfig.mode', index=2,
- number=3, type=14, cpp_type=8, label=1,
- has_default_value=True, default_value=1,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='chroot_dir', full_name='nsjail.NsJailConfig.chroot_dir', index=3,
- number=4, type=9, cpp_type=9, label=1,
- has_default_value=False, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=_descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001'))),
- _descriptor.FieldDescriptor(
- name='is_root_rw', full_name='nsjail.NsJailConfig.is_root_rw', index=4,
- number=5, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=_descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001'))),
- _descriptor.FieldDescriptor(
- name='hostname', full_name='nsjail.NsJailConfig.hostname', index=5,
- number=8, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("NSJAIL").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='cwd', full_name='nsjail.NsJailConfig.cwd', index=6,
- number=9, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("/").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='port', full_name='nsjail.NsJailConfig.port', index=7,
- number=10, type=13, cpp_type=3, label=1,
- has_default_value=True, default_value=0,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='bindhost', full_name='nsjail.NsJailConfig.bindhost', index=8,
- number=11, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("::").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='max_conns_per_ip', full_name='nsjail.NsJailConfig.max_conns_per_ip', index=9,
- number=12, type=13, cpp_type=3, label=1,
- has_default_value=True, default_value=0,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='time_limit', full_name='nsjail.NsJailConfig.time_limit', index=10,
- number=13, type=13, cpp_type=3, label=1,
- has_default_value=True, default_value=600,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='daemon', full_name='nsjail.NsJailConfig.daemon', index=11,
- number=14, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='max_cpus', full_name='nsjail.NsJailConfig.max_cpus', index=12,
- number=15, type=13, cpp_type=3, label=1,
- has_default_value=True, default_value=0,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='log_fd', full_name='nsjail.NsJailConfig.log_fd', index=13,
- number=16, type=5, cpp_type=1, label=1,
- has_default_value=False, default_value=0,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='log_file', full_name='nsjail.NsJailConfig.log_file', index=14,
- number=17, type=9, cpp_type=9, label=1,
- has_default_value=False, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='log_level', full_name='nsjail.NsJailConfig.log_level', index=15,
- number=18, type=14, cpp_type=8, label=1,
- has_default_value=False, default_value=0,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='keep_env', full_name='nsjail.NsJailConfig.keep_env', index=16,
- number=19, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='envar', full_name='nsjail.NsJailConfig.envar', index=17,
- number=20, type=9, cpp_type=9, label=3,
- has_default_value=False, default_value=[],
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='keep_caps', full_name='nsjail.NsJailConfig.keep_caps', index=18,
- number=21, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='cap', full_name='nsjail.NsJailConfig.cap', index=19,
- number=22, type=9, cpp_type=9, label=3,
- has_default_value=False, default_value=[],
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='silent', full_name='nsjail.NsJailConfig.silent', index=20,
- number=23, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='skip_setsid', full_name='nsjail.NsJailConfig.skip_setsid', index=21,
- number=24, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='stderr_to_null', full_name='nsjail.NsJailConfig.stderr_to_null', index=22,
- number=25, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='pass_fd', full_name='nsjail.NsJailConfig.pass_fd', index=23,
- number=26, type=5, cpp_type=1, label=3,
- has_default_value=False, default_value=[],
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='disable_no_new_privs', full_name='nsjail.NsJailConfig.disable_no_new_privs', index=24,
- number=27, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='rlimit_as', full_name='nsjail.NsJailConfig.rlimit_as', index=25,
- number=28, type=4, cpp_type=4, label=1,
- has_default_value=True, default_value=4096,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='rlimit_as_type', full_name='nsjail.NsJailConfig.rlimit_as_type', index=26,
- number=29, type=14, cpp_type=8, label=1,
- has_default_value=True, default_value=0,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='rlimit_core', full_name='nsjail.NsJailConfig.rlimit_core', index=27,
- number=30, type=4, cpp_type=4, label=1,
- has_default_value=True, default_value=0,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='rlimit_core_type', full_name='nsjail.NsJailConfig.rlimit_core_type', index=28,
- number=31, type=14, cpp_type=8, label=1,
- has_default_value=True, default_value=0,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='rlimit_cpu', full_name='nsjail.NsJailConfig.rlimit_cpu', index=29,
- number=32, type=4, cpp_type=4, label=1,
- has_default_value=True, default_value=600,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='rlimit_cpu_type', full_name='nsjail.NsJailConfig.rlimit_cpu_type', index=30,
- number=33, type=14, cpp_type=8, label=1,
- has_default_value=True, default_value=0,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='rlimit_fsize', full_name='nsjail.NsJailConfig.rlimit_fsize', index=31,
- number=34, type=4, cpp_type=4, label=1,
- has_default_value=True, default_value=1,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='rlimit_fsize_type', full_name='nsjail.NsJailConfig.rlimit_fsize_type', index=32,
- number=35, type=14, cpp_type=8, label=1,
- has_default_value=True, default_value=0,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='rlimit_nofile', full_name='nsjail.NsJailConfig.rlimit_nofile', index=33,
- number=36, type=4, cpp_type=4, label=1,
- has_default_value=True, default_value=32,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='rlimit_nofile_type', full_name='nsjail.NsJailConfig.rlimit_nofile_type', index=34,
- number=37, type=14, cpp_type=8, label=1,
- has_default_value=True, default_value=0,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='rlimit_nproc', full_name='nsjail.NsJailConfig.rlimit_nproc', index=35,
- number=38, type=4, cpp_type=4, label=1,
- has_default_value=True, default_value=1024,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='rlimit_nproc_type', full_name='nsjail.NsJailConfig.rlimit_nproc_type', index=36,
- number=39, type=14, cpp_type=8, label=1,
- has_default_value=True, default_value=1,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='rlimit_stack', full_name='nsjail.NsJailConfig.rlimit_stack', index=37,
- number=40, type=4, cpp_type=4, label=1,
- has_default_value=True, default_value=1048576,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='rlimit_stack_type', full_name='nsjail.NsJailConfig.rlimit_stack_type', index=38,
- number=41, type=14, cpp_type=8, label=1,
- has_default_value=True, default_value=1,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='disable_rl', full_name='nsjail.NsJailConfig.disable_rl', index=39,
- number=84, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='persona_addr_compat_layout', full_name='nsjail.NsJailConfig.persona_addr_compat_layout', index=40,
- number=42, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='persona_mmap_page_zero', full_name='nsjail.NsJailConfig.persona_mmap_page_zero', index=41,
- number=43, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='persona_read_implies_exec', full_name='nsjail.NsJailConfig.persona_read_implies_exec', index=42,
- number=44, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='persona_addr_limit_3gb', full_name='nsjail.NsJailConfig.persona_addr_limit_3gb', index=43,
- number=45, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='persona_addr_no_randomize', full_name='nsjail.NsJailConfig.persona_addr_no_randomize', index=44,
- number=46, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='clone_newnet', full_name='nsjail.NsJailConfig.clone_newnet', index=45,
- number=47, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=True,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='clone_newuser', full_name='nsjail.NsJailConfig.clone_newuser', index=46,
- number=48, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=True,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='clone_newns', full_name='nsjail.NsJailConfig.clone_newns', index=47,
- number=49, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=True,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='clone_newpid', full_name='nsjail.NsJailConfig.clone_newpid', index=48,
- number=50, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=True,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='clone_newipc', full_name='nsjail.NsJailConfig.clone_newipc', index=49,
- number=51, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=True,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='clone_newuts', full_name='nsjail.NsJailConfig.clone_newuts', index=50,
- number=52, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=True,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='clone_newcgroup', full_name='nsjail.NsJailConfig.clone_newcgroup', index=51,
- number=53, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=True,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='uidmap', full_name='nsjail.NsJailConfig.uidmap', index=52,
- number=54, type=11, cpp_type=10, label=3,
- has_default_value=False, default_value=[],
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='gidmap', full_name='nsjail.NsJailConfig.gidmap', index=53,
- number=55, type=11, cpp_type=10, label=3,
- has_default_value=False, default_value=[],
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='mount_proc', full_name='nsjail.NsJailConfig.mount_proc', index=54,
- number=56, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='mount', full_name='nsjail.NsJailConfig.mount', index=55,
- number=57, type=11, cpp_type=10, label=3,
- has_default_value=False, default_value=[],
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='seccomp_policy_file', full_name='nsjail.NsJailConfig.seccomp_policy_file', index=56,
- number=58, type=9, cpp_type=9, label=1,
- has_default_value=False, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='seccomp_string', full_name='nsjail.NsJailConfig.seccomp_string', index=57,
- number=59, type=9, cpp_type=9, label=3,
- has_default_value=False, default_value=[],
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='seccomp_log', full_name='nsjail.NsJailConfig.seccomp_log', index=58,
- number=60, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='cgroup_mem_max', full_name='nsjail.NsJailConfig.cgroup_mem_max', index=59,
- number=61, type=4, cpp_type=4, label=1,
- has_default_value=True, default_value=0,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='cgroup_mem_mount', full_name='nsjail.NsJailConfig.cgroup_mem_mount', index=60,
- number=62, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("/sys/fs/cgroup/memory").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='cgroup_mem_parent', full_name='nsjail.NsJailConfig.cgroup_mem_parent', index=61,
- number=63, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("NSJAIL").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='cgroup_pids_max', full_name='nsjail.NsJailConfig.cgroup_pids_max', index=62,
- number=64, type=4, cpp_type=4, label=1,
- has_default_value=True, default_value=0,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='cgroup_pids_mount', full_name='nsjail.NsJailConfig.cgroup_pids_mount', index=63,
- number=65, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("/sys/fs/cgroup/pids").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='cgroup_pids_parent', full_name='nsjail.NsJailConfig.cgroup_pids_parent', index=64,
- number=66, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("NSJAIL").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='cgroup_net_cls_classid', full_name='nsjail.NsJailConfig.cgroup_net_cls_classid', index=65,
- number=67, type=13, cpp_type=3, label=1,
- has_default_value=True, default_value=0,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='cgroup_net_cls_mount', full_name='nsjail.NsJailConfig.cgroup_net_cls_mount', index=66,
- number=68, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("/sys/fs/cgroup/net_cls").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='cgroup_net_cls_parent', full_name='nsjail.NsJailConfig.cgroup_net_cls_parent', index=67,
- number=69, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("NSJAIL").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='cgroup_cpu_ms_per_sec', full_name='nsjail.NsJailConfig.cgroup_cpu_ms_per_sec', index=68,
- number=70, type=13, cpp_type=3, label=1,
- has_default_value=True, default_value=0,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='cgroup_cpu_mount', full_name='nsjail.NsJailConfig.cgroup_cpu_mount', index=69,
- number=71, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("/sys/fs/cgroup/cpu").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='cgroup_cpu_parent', full_name='nsjail.NsJailConfig.cgroup_cpu_parent', index=70,
- number=72, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("NSJAIL").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='iface_no_lo', full_name='nsjail.NsJailConfig.iface_no_lo', index=71,
- number=73, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='iface_own', full_name='nsjail.NsJailConfig.iface_own', index=72,
- number=74, type=9, cpp_type=9, label=3,
- has_default_value=False, default_value=[],
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='macvlan_iface', full_name='nsjail.NsJailConfig.macvlan_iface', index=73,
- number=75, type=9, cpp_type=9, label=1,
- has_default_value=False, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='macvlan_vs_ip', full_name='nsjail.NsJailConfig.macvlan_vs_ip', index=74,
- number=76, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("192.168.0.2").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='macvlan_vs_nm', full_name='nsjail.NsJailConfig.macvlan_vs_nm', index=75,
- number=77, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("255.255.255.0").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='macvlan_vs_gw', full_name='nsjail.NsJailConfig.macvlan_vs_gw', index=76,
- number=78, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("192.168.0.1").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='macvlan_vs_ma', full_name='nsjail.NsJailConfig.macvlan_vs_ma', index=77,
- number=79, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='nice_level', full_name='nsjail.NsJailConfig.nice_level', index=78,
- number=80, type=5, cpp_type=1, label=1,
- has_default_value=True, default_value=19,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='exec_bin', full_name='nsjail.NsJailConfig.exec_bin', index=79,
- number=81, type=11, cpp_type=10, label=1,
- has_default_value=False, default_value=None,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='cgroupv2_mount', full_name='nsjail.NsJailConfig.cgroupv2_mount', index=80,
- number=82, type=9, cpp_type=9, label=1,
- has_default_value=True, default_value=_b("/sys/fs/cgroup").decode('utf-8'),
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- _descriptor.FieldDescriptor(
- name='use_cgroupv2', full_name='nsjail.NsJailConfig.use_cgroupv2', index=81,
- number=83, type=8, cpp_type=7, label=1,
- has_default_value=True, default_value=False,
- message_type=None, enum_type=None, containing_type=None,
- is_extension=False, extension_scope=None,
- options=None),
- ],
- extensions=[
- ],
- nested_types=[],
- enum_types=[
- ],
- options=None,
- is_extendable=False,
- extension_ranges=[],
- oneofs=[
- ],
- serialized_start=529,
- serialized_end=3090,
-)
-
-_NSJAILCONFIG.fields_by_name['mode'].enum_type = _MODE
-_NSJAILCONFIG.fields_by_name['log_level'].enum_type = _LOGLEVEL
-_NSJAILCONFIG.fields_by_name['rlimit_as_type'].enum_type = _RLIMIT
-_NSJAILCONFIG.fields_by_name['rlimit_core_type'].enum_type = _RLIMIT
-_NSJAILCONFIG.fields_by_name['rlimit_cpu_type'].enum_type = _RLIMIT
-_NSJAILCONFIG.fields_by_name['rlimit_fsize_type'].enum_type = _RLIMIT
-_NSJAILCONFIG.fields_by_name['rlimit_nofile_type'].enum_type = _RLIMIT
-_NSJAILCONFIG.fields_by_name['rlimit_nproc_type'].enum_type = _RLIMIT
-_NSJAILCONFIG.fields_by_name['rlimit_stack_type'].enum_type = _RLIMIT
-_NSJAILCONFIG.fields_by_name['uidmap'].message_type = _IDMAP
-_NSJAILCONFIG.fields_by_name['gidmap'].message_type = _IDMAP
-_NSJAILCONFIG.fields_by_name['mount'].message_type = _MOUNTPT
-_NSJAILCONFIG.fields_by_name['exec_bin'].message_type = _EXE
-DESCRIPTOR.message_types_by_name['IdMap'] = _IDMAP
-DESCRIPTOR.message_types_by_name['MountPt'] = _MOUNTPT
-DESCRIPTOR.message_types_by_name['Exe'] = _EXE
-DESCRIPTOR.message_types_by_name['NsJailConfig'] = _NSJAILCONFIG
-DESCRIPTOR.enum_types_by_name['Mode'] = _MODE
-DESCRIPTOR.enum_types_by_name['LogLevel'] = _LOGLEVEL
-DESCRIPTOR.enum_types_by_name['RLimit'] = _RLIMIT
-
-IdMap = _reflection.GeneratedProtocolMessageType('IdMap', (_message.Message,), dict(
- DESCRIPTOR = _IDMAP,
- __module__ = 'config_pb2'
+_IDMAP = DESCRIPTOR.message_types_by_name['IdMap']
+_MOUNTPT = DESCRIPTOR.message_types_by_name['MountPt']
+_EXE = DESCRIPTOR.message_types_by_name['Exe']
+_NSJAILCONFIG = DESCRIPTOR.message_types_by_name['NsJailConfig']
+IdMap = _reflection.GeneratedProtocolMessageType('IdMap', (_message.Message,), {
+ 'DESCRIPTOR' : _IDMAP,
+ '__module__' : 'config_pb2'
# @@protoc_insertion_point(class_scope:nsjail.IdMap)
- ))
+ })
_sym_db.RegisterMessage(IdMap)
-MountPt = _reflection.GeneratedProtocolMessageType('MountPt', (_message.Message,), dict(
- DESCRIPTOR = _MOUNTPT,
- __module__ = 'config_pb2'
+MountPt = _reflection.GeneratedProtocolMessageType('MountPt', (_message.Message,), {
+ 'DESCRIPTOR' : _MOUNTPT,
+ '__module__' : 'config_pb2'
# @@protoc_insertion_point(class_scope:nsjail.MountPt)
- ))
+ })
_sym_db.RegisterMessage(MountPt)
-Exe = _reflection.GeneratedProtocolMessageType('Exe', (_message.Message,), dict(
- DESCRIPTOR = _EXE,
- __module__ = 'config_pb2'
+Exe = _reflection.GeneratedProtocolMessageType('Exe', (_message.Message,), {
+ 'DESCRIPTOR' : _EXE,
+ '__module__' : 'config_pb2'
# @@protoc_insertion_point(class_scope:nsjail.Exe)
- ))
+ })
_sym_db.RegisterMessage(Exe)
-NsJailConfig = _reflection.GeneratedProtocolMessageType('NsJailConfig', (_message.Message,), dict(
- DESCRIPTOR = _NSJAILCONFIG,
- __module__ = 'config_pb2'
+NsJailConfig = _reflection.GeneratedProtocolMessageType('NsJailConfig', (_message.Message,), {
+ 'DESCRIPTOR' : _NSJAILCONFIG,
+ '__module__' : 'config_pb2'
# @@protoc_insertion_point(class_scope:nsjail.NsJailConfig)
- ))
+ })
_sym_db.RegisterMessage(NsJailConfig)
-
-_NSJAILCONFIG.fields_by_name['chroot_dir'].has_options = True
-_NSJAILCONFIG.fields_by_name['chroot_dir']._options = _descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001'))
-_NSJAILCONFIG.fields_by_name['is_root_rw'].has_options = True
-_NSJAILCONFIG.fields_by_name['is_root_rw']._options = _descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001'))
+if _descriptor._USE_C_DESCRIPTORS == False:
+
+ DESCRIPTOR._options = None
+ _MODE._serialized_start=3448
+ _MODE._serialized_end=3499
+ _LOGLEVEL._serialized_start=3501
+ _LOGLEVEL._serialized_end=3567
+ _RLIMIT._serialized_start=3569
+ _RLIMIT._serialized_end=3617
+ _IDMAP._serialized_start=24
+ _IDMAP._serialized_end=121
+ _MOUNTPT._serialized_start=124
+ _MOUNTPT._serialized_end=454
+ _EXE._serialized_start=456
+ _EXE._serialized_end=526
+ _NSJAILCONFIG._serialized_start=529
+ _NSJAILCONFIG._serialized_end=3446
# @@protoc_insertion_point(module_scope)